Protection Statistics

Installed PG3.05 couple of hours or so ago. The only thing different I have noticed is this...

On GUI, Main, Protection Statistics.

Something seems to have been changed for this?
On 3.05 after the first reboot (if I remember correctly) it said "PG has protected your computer from 1 attack".

After another reboot or two and up to now, it is informing me that I have been protected against 5 attacks."

Now, after all the time I had with PG3 (and the betas), I never saw that number change from zero. I doubt very much if anything else has changed, that is I haven't suddenly and coincidentally been subject to five attacks, so can I assume something in the app has been activated or changed to work differently?

Assuming this is how the prog now works, is there anyway to reset this figure, or does it keep on mounting until the next version of PG?

Just curious..

 

Oremina, Did you re-install and start in learning mode? If so then as new allows etc are logged then ProcessGuard will see these as attacks. If, however, you followed Jason's instructions then it is probably just the new .exe changes.
I did a clean install on this PC & it shows I have had 62 attacks before leaving LM You can see that these "attacks" in the alert log.

I pesonally do not like this feature but apparently it has been requested, I would like to have the option to switch it off.

Cheers. Pilli

 

HKey_Local_Machine\Software\Diamond Computer Systems\ProcessGuard v3.0

Change DWORD AlertCount to 0

Turn OFF Execution Protection first and close PG GUI.

Then start PG GUI and turn ON Execution Protection.

Maybe the word ATTACK should be something more indicative of the what the counter actually is doing.... BLOCK ALERTS ....

 

Thanks Siliconeman, A simple option box would be easier for those that do not understand or play with their registeries
One addition I do like very much is the warning pop up when you go to disable protection and I think this will probably be expanded to include the four general options in a later build, well at least I hope so.

Cheers. Pilli

 

U B Welcome,

I agree with what you're saying. Would be nice to be able to easily clear the ATTACK counter, the main log which gets pretty big, etc. I feel confident DCS will be continuing to enhance PG.

 

Siliconman01

Thanks.. you're a gentleman and a scholar, worked like a charm (needed reboot)
but back to zero.

Pilli
Actually I did it both ways.... first off I did it using Jason's instructions, edit registry and reuse pghash.dat etc.. It seemed to go well but when I rebooted I had a warning (and I can't remember the exact wording) that pgaccount.exe was not working or only partly opened....something along those lines but can't remember exactly. So I decided to do it the clean reinstall way and I got rid of everything, including cleaning the reg.

Then did the clean reinstall.

Now, please correct me if I'm wrong, but it used to be the perceived wisdom that PG was there to protect vulnerable apps, AV's, AT's, Firewalls and various other apps that needed internet access, eg mailwasher, Outlook, various updates etc. etc. That is the way I've always done it, but the current recommendation to leave learning mode on for longer means that more and more apps are in Protection. Before I uninstalled PG3 this morning, I had around 60 apps in Protection....I could easily run up more than 100 if all the progs I used (not that many) were activated in LM. To be perfectly honest, I don't see the point in my EasyCD Creator or jv16 powertools or Irfanview etc. etc. being in Protection.

So you're right that the 5 "attacks" all took place in LM, but I have to say I have never seen it before.

Could you tell me therefore if the recommendation by DCS is that, as before, only the security type apps mentioned above need to go into Protection...or anything and everything If the former, then LM really doesn't need to be on for too long does it? That and due diligence paid to Alerts ('tho we're all human!!) should suffice.

Just want to get the best out of PG..

 

Hi Oremina, I think the policy is still the same i.e. Run your Internet and security apps whilst in learning mode. After the first reboot (after restart) add the four general protections, reboot and LM will have made the correct allows for the enabled general tabs and LM should now be disabled.
Personally I tailor the allows after LM is disabled based on my experience and this is not recommended for new or less proficient users.
I then run non net enabled programs so that they get added to the security list making them either permit once or permit always depending on what they are. For instance I like to see when programs update so I give the updater the permit once flag.
The reason that LM is made like this is so that is new users and less experienced users are able to use ProcessGuard with limited or deep knowledge of their systems but still enhancing their machine's security greatly.

Pilli

 

Pilli... thanks a lot.
I'm sure we're in broad agreement here... a limited/tailored number of apps in Protection and everything in Execution Protection (Security). Just that from reading some of the threads some people must have everything and the kitchen sink in Protection. I'm not knocking that, just wondered if that was the way to go, but I'm happy as I am.

I rmember vaguely having this same conversation with you many months ago..

So we can leave it there then... as ever, much obliged.!!

 

My protection scheme for PG is more along the lines that Peter is doing. Anything that sits in memory permanently or for extended periods is added in my list. Sometimes this causes a ripple affect of having to include supporting modules of the primary executable that is protected. Also I take into consideration programs that are prone to malicious attacks just because of their popularity/distribution and/or have a history of being stomped on by criminals.

As for the PG log, yep, I understand that it is easy to clear via Windows Explorer or as you suggested, Peter. I'm thinking along the lines of the novice computer user who might take on PG or those users who may not recognize that after a few days the log is 5 mb, then 10 mb, then 15 mb, etc. Having a visible clear/delete/reset hotkey in PG GUI for the log will trigger most users to at least take a look at the log size...if you know what I mean.

HTHs and JMO

 

Peter and siliconman01

Thanks both very much for your input, I find your posts are very,very helpful for somebody like me in trying to make decisions (and why). I'm past the newbie stage, have reinstalled XP (once) and my PC is secure and well protected. There are plenty of gaps in my knowledge though and I try to fill those in by lurking on the odd forum or two picking other peoples brains and experience.
So.. much appreciated.

 

With regard to siliconman01's comment about clearing the log file, my user account (Win2000) doesn't have permission to make changes under the directories C:\WINNT or C:\Program_Files.. Although it's more secure, one downside is frequently needing to start a program to "runas" the admin account. To start procguard.exe I must enter my admin logname/password. I must enter them a second time to get permission to clear the log file. A button to clear the log from procguard.exe would make life just a bit simpler.

 

something to limit the size of the log-file would be nice.. i think one time i saw it where it was 13 mbs.. now i routinely open the log file and delete all the text..

i feel more comfortable with the new 3.05 release than i did with the recent 3.0 release.. i preferred the red icons in the beta versions..

 

The logfile size will not matter in regards to performance. Since ProcessGuard only appends to the logfile (doesn't have to read any of it), it is a very effecient and quick process.